← Back to CVEs
CVE-2017-17485
CRITICAL9.8
Description
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/10/2018
Last Modified8/27/2025
Sourcenvd
Honeypot Sightings0
Affected Products
debian:debian_linuxfasterxml:jackson-databindnetapp:e-series_santricity_os_controllernetapp:e-series_santricity_web_services_proxynetapp:oncommand_shiftnetapp:snapcenterredhat:enterprise_linux_serverredhat:jboss_enterprise_application_platformredhat:openshift_container_platform
Weaknesses (CWE)
CWE-502CWE-502
References
http://www.securityfocus.com/archive/1/541652/100/0/threaded(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0116(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0342(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0478(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0479(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0480(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0481(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1447(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1448(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1449(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1450(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1451(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:2930(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:1782(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:1797(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:2858(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:3149(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:3892(cve@mitre.org)
https://github.com/FasterXML/jackson-databind/issues/1855(cve@mitre.org)
https://github.com/irsl/jackson-rce-via-spel/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20180201-0003/(cve@mitre.org)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us(cve@mitre.org)
https://www.debian.org/security/2018/dsa-4114(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuoct2020.html(cve@mitre.org)
http://www.securityfocus.com/archive/1/541652/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0116(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0342(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0478(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0479(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0480(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0481(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1447(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1448(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1449(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1450(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1451(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2930(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:1782(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:1797(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2858(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3149(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3892(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/1855(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/irsl/jackson-rce-via-spel/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20180201-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4114(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.